Goooood day everyone again,
today I have had another fight with the spam cartel that my client fell victim of. Once upon a time there was not so powerful UTM providing internet to not so crowded office in not so security-aware Central Europe.
All would be good and well if not this problem – they could not [...]
Displaying posts written by
Yuri
who has written 47 posts for yurisk.info.
Mar
8
2010
8
2010
awk weekly – Checkpoint Anti Spam statistics or viva la Open Relays
Mar
3
2010
3
2010
Abra – the new toy from the Checkpoint
Checkpoint announced availability (for inquiries yet) of their new project Abra – secured virtualized desktop solution. I myself haven’t seen nor tried this so can only judge from different sources. In essence we talk here about USB stick of approx. 5 Gb or 8 Gb that includes virtual image of the applications you need to [...]
Feb
28
2010
28
2010
Cisco IPS sensor – initial setup
Hello everyone. As I proceed in my studies towards the CCIE Security lab I’m starting a new category on the site – Cisco IPS. I will be posting all the things I learn about this gear, even the basics as I noted that on the Internet Cisco IPS sensors
are not much talked about and while [...]
Feb
26
2010
26
2010
awk weekly – how to see Checkpoint logs on command line
Hey Everyone, I decided to start a weekly column of awk scripting where I will bring interesting (I am being subjective I know) short scripts that made my life easier in dealing with actual problems in the wild or just look cool.
Until recently I had never had any need to work with Checkpoint log files [...]
Feb
26
2010
26
2010
Difference between ebgp-multihop and ttl-security.
Once upon a time reading some CCIE paper at work I asked myself a question : “Why would someone bother to invent ttl-security and even write RFC http://tools.ietf.org/html/rfc5082 on it when multi-hop EBGP feature provides the same end result ?” .
The results of my busy/doing-nothing activity I present here.First some background. For some (unknown to [...]
Feb
25
2010
25
2010
VPN client stops working in visitor mode after major update
Yesterday I got asked to check the VPN client issue . After upgrade from NGX R65 to R70 VPN client doesn’t connect when Visitor mode is enabled . The moment you disable Visitor mode the same client to the same firewall works just fine. This happens
often so I bring it here . Actually I see [...]
Feb
13
2010
13
2010
fw monitor add-on
There is something I didn’t include in the previous post fw monitor command reference about fw monitor as I think it is rather optional and you can do well without it . I talk about tables in defining filter expressions. INSPECT – proprietary scripting language by the Checkpoint on which filtering expressions are [...]
Feb
3
2010
3
2010
Fortigate firewall demo free access. Also FortiManager and FortiAnalyzer
As someone said best things in life are free.
Here are links to the demo Forigate firewall, ForiAnalyzer and FortiManager open to access from anywhere . So that you can
familiarize yourself with the Management GUI look and feel.
NOTE: Access is read-only.
NOTE 2: No , it is not me being so generous, it’s Fortinet caring for us.
Fortigate [...]
Feb
1
2010
1
2010
Mail alert on ssh login or any other rule hit in Checkpoint
I once SSH login alert presented the way to send mail alert after successful login by ssh to any Linux-based machine , including Checkpoint firewalls. Now, thanks to folks at cpug.org that draw my attention to it, I will show how to get mail Alert on ANY rule in the security rulebase of [...]
Feb
1
2010
1
2010
Capture packets at IOS Cisco router or finally we have a sniffer
Finally it is here – built-in sniffer on the Cisco IOS platform ! Starting IOS 12.4(20) release Cisco introduces brand new feature
called Embedded Packet Capture (EPC) that allows us to capture raw packets on the Cisco router and then later analyze it offline.
It can capture any traffic passing through the router, destined to it, [...]